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DETAILED ACTION 

Specification 

The use of the trademarks of Sun, Hewlett Packard, Dell, Windows, LINUX, 
UNIX have been noted in this application. It should be capitalized wherever it appears 
and be accompanied by the generic terminology. 

Although the use of trademarks is permissible in patent applications, the 
proprietary nature of the marks should be respected and every effort made to prevent 
their use in any manner which might adversely affect their validity as trademarks. 

Please accompany all trademark names with their respective ™ symbol. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless -(e) the invention was described in (1) an application for 
patent, published under section 122(b), by another filed in the United States before the invention by 
the applicant for patent or (2) a patent granted on an application for patent by another filed in the 
United States before the invention by the applicant for patent, except that an international application 
filed under the treaty defined in section 351(a) shall have the effects for purposes of this subsection of 
an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 



Claims 1-2, 5, and 7 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Malinen et al. (Publication Number: US 2003/0028763 A1). 
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Claim 1 

Malinen discloses a method of authenticating an electronic device, the electronic device 
having device specific identifying data stored therein, the method comprising: 

obtaining a previously determined challenge response pair associated with the 
electronic device, the challenge response pair being unique and based upon the device 
specific identifying data of the electronic device (Paragraph [0083], lines 7-12; 
Paragraph [001 1], lines 1-3); An authentication gateway 155 maintains an 
authentication session and is able to query the RAND (i.e. challenge) and SRES (i.e. 
system response) for a received International Mobile Subscriber Identifier (IMSI) from a 
local authorization database. An identity associated with a client is equivalent to the 
device specific. 

communicating a challenge portion of the challenge response pair to the 
electronic device (Paragraph [0011], lines 1-5); 

receiving from the electronic device a response to the challenge portion the 
response being based upon the device specific identifying information (Paragraph 
[0011], lines 5-6); and 

comparing the response to a response portion of the challenge response pair to 
authenticate the user (Paragraph [001 1], lines 6-7). 

Claim 2 

Malinen also discloses the method of claim 1 , wherein the step of obtaining a challenge 
response pair comprises obtaining from a database store of challenge response pairs 
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the challenge response pair (Paragraph [0083]; lines 7-12). An authentication gateway 
155 maintains an authentication session and is able to query the RAND (i.e. challenge) 
and SRES (i.e. response) for a received International Mobile Subscriber Identifier 
(IMSI) from a local authorization database. 

Claim 5 

Malinen also discloses the method of claim 1 , wherein the device specific identifying 
data comprises data stored on a subscriber identity module (SIM) card associated with 
the electronic device, or computed by the SIM card upon demand (Paragraph [0006], 
lines 13-14). A key is equivalent to a data. 

Claim 7 

Malinen also discloses the method of claim 1 , wherein the step of obtaining a challenge 
response pair comprises obtaining via a secure communication interface the challenge 
response pair (Paragraph [0073], lines 8-10). 



Claims 8-12 and 14 are rejected under 35 U.S.C. 102(b) as being anticipated by Ekberg 
(International Publication Number: WO 00/02406). 
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Claim 8 

Ekberg discloses a system for device authentication comprising: 

an agent for interrogating an electronic device to obtain at least one challenge 

response pair, the challenge response pair being based upon device specific identifying 

data retained within the electronic device (Abstract, lines 15-27); 

a memory for storing the challenge response pair (Abstract, lines 28-31); and 
an agent for providing the challenge response pair from the memory to a user of 

the challenge response pair for authenticating an electronic device (Abstract, lines 28- 

31). 

Claim 9 

Ekberg also discloses the system of claim 8, wherein the device specific identifying data 
comprises subscribed identity module (SIM) card data from a SIM card within the 
electronic device (Figure 1, box TE1; Page 15, lines 10-12). 

Claim 10 

Ekberg also discloses the system of claim 9, wherein the user comprises a service 
provider having a need to authenticate the electronic device (Figure 1 , box TE1; Page 
15, lines 10-12). 
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Claim 11 

Ekberg also discloses the system of claim 10, wherein the agent for interrogating and 
the agent for providing are associated with the service provider (Abstract, lines 15-27). 

Claim 12 

Ekberg also discloses the system of claim 8, the challenge response pair comprising a 
challenge portion and a response portion, and wherein the user is operable to 
communicate the challenge portion to the device and to receive from the device a 
response based upon the challenge and the device specific identifying data. The 
system of claim 8 has capability to do all functions in claim 12. 

Claim 14 

Ekberg discloses a method of providing an authentication service comprising the steps 
of: 

obtaining from an electronic device a plurality of challenge response pairs the 
challenge response pairs having a challenge portion and a response portion, the 
response portion being based upon the challenge and device specific identifying data 
associated with the electronic device (Abstract, lines 15-27); 

storing the challenge response pairs (Abstract, lines 28-31); and 
providing responsive to a request for an authentication service a challenge 
response pair to a service provider for authenticating the electronic device (Abstract, 
lines 28-31). 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 148 

USPQ 459 (1966), that are applied for establishing a background for determining 

obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 



Claims 3 and 6 are rejected under 35 U.S.C. 103(a) as being unpatentable over Malinen 
et al. (Publication Number: US 2003/0028763 A1) in view of Ekberg (International 
Publication Number: WO 00/02406). 



Claim 3 

Malinen discloses the method of authentication an electronic device in claim 1 but does 
not disclose that the step of obtaining a challenge response pair comprises generating 
and storing a plurality of challenge response pairs. 
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Ekberg discloses to obtain the challenge response pair comprises generating and 
storing a plurality of challenge response pairs (Abstract, lines 15-18). In order to fetch a 
challenge response pair in a mobile communication system, it has to generate and store 
the challenge response pair in this mobile system. Thus, it would have been obvious to 
the person of ordinary skill in the art at the time of the invention was made to modify the 
method of Malinen by including the step of obtaining a challenge response pair 
comprises generating and storing a plurality of challenge response pairs because it 
would allow a simple and smooth authentication of users in a geographically large area. 

Claim 6 

Malinen discloses the method of authentication an electronic device in claim 1 but does 
not disclose discarding the challenge response pair after use. Ekberg discloses to 
discard the challenge response pair after use (Col 6, lines 53-65). Thus, it would have 
been obvious to the person of ordinary skill in the art at the time of the invention was 
made to modify the method of Malinen by including the step of discarding the challenge 
response pair after use because it will prevent anyone from using it again. Thus, it 
would enhance security. 
« 

Claims 13,15, and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ekberg (International Publication Number: WO 00/02406) in view of Blom (Publication 
Number: 2003/0233546 A1). 
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Claim 13 

Ekberg discloses a system for device authentication in claim 8 but does not disclose 
the agent for providing the challenge response pair comprises a challenge response 
pair broker. Blom discloses the agent for providing the challenge response pair 
comprises a challenge response pair broker (Paragraph [0017]; Paragraph [0024], lines 
16-25; Paragraph [0061], lines 11-16). A service provider is equivalent to a broker. 
Thus, it would have been obvious to the person of ordinary skill in the art at the time of 
the invention was made to modify the system of Ekberg by including the agent for 
providing the challenge response pair that comprises a challenge response pair broker 
because it would provide an improved system for authentication user at an intermediate 
party. 

Claim 15 

Ekberg discloses the method of providing an authentication service in claim 14 but does 
not disclose the step of obtaining from an electronic device a plurality of challenge 
response pairs comprises generating from a subscribed identify module (SIM) card a 
plurality of challenge response pairs and providing the SIM card to a user of the 
electronic device. Blom discloses the step of obtaining from an electronic device a 
plurality of challenge response pairs comprises generating from a subscribed identify 
module (SIM) card a plurality of challenge response pairs and providing the SIM card to 
a user of the electronic device (Paragraph [0024], lines 16-20). Thus, it would have 
been obvious to the person of ordinary skill in the art at the time of the invention was 
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made to modify the method of providing authentication service of Ekberg by including 
the step of obtaining from an electronic device a plurality of challenge response pairs 
that comprises generating from a subscribed identify module (SIM) card a plurality of 
challenge response pairs and providing the SIM card to a user of the electronic device 
because it would provide an improved service for authentication user at an intermediate 
party. 

Claim 16 

Ekberg discloses the method of providing an authentication service in claim 14 but does 
not disclose the step of providing response to a request for an authentication service a 
challenge response pair that comprises vending the challenge response pair. Blom 
discloses the step of providing response to a request for an authentication service a 
challenge response pair comprises vending the challenge response pair (Paragraph 
[0024], lines 21-25; Paragraph [0061], lines 11-16). A service provider is equivalent to a 
broker. Thus, it would have been obvious to the person of ordinary skill in the art at the 
time of the invention was made to modify the method of providing authentication service 
of Ekberg by including the step of providing response to a request for an authentication 
service a challenge response pair that comprises vending the challenge response pair 
because the above challenge response service enables the intermediate party to prove 
that the user as been properly authenticated. 
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Claim 17 is rejected under 35 U.S.C. 103(a) as being unpatentable over Ekberg 
(International Publication Number: WO 00/02406) in view of Malinen et al. (Publication 
Number: US 2003/0028763 A1 ) 

Claim 17 

Ekberg discloses the method of providing an authentication service in claim 14 but does 
not disclose the step of providing response to a request for an authentication service a 
challenge response pair that comprises securely communicating the challenge 
response pair to the service provider. Malinen discloses the step of providing response 
to a request for an authentication service a challenge response pair that comprises 
securely communicating the challenge response pair to the service provider (Paragraph 
[0073], lines 8-10). Thus, it would have been obvious to the person of ordinary skill in 
the art at the time of the invention was made to modify the method of providing 
authentication service of Ekberg by including the step of providing response to a 
request for an authentication service a challenge response pair that comprises securely 
communicating the challenge response pair to the service provider because it would 
provide a service to secure a communication between two entities. 

Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Malinen et al. 
(Publication Number: US 2003/0028763 A1) in view of Blom (Publication Number: US 
2003/0233546 A1). 
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Claim 4 

Malinen discloses the method of authentication an electronic device in claim 1 but does 
not disclose obtaining a challenge response pair that comprises obtaining a challenge 
response pair from a challenge response pair broker. Blom discloses to obtain the 
challenge response pair by obtaining a challenge response pair from a challenge 
response pair broker (Paragraph [0017]; Paragraph [0024], lines 16-25; Paragraph 
[0061], lines 1 1-16). A service provider is equivalent to a broker. Thus, it would have 
been obvious to the person of ordinary skill in the art at the time of the invention was 
made to modify the method of Malinen by including step of obtaining the challenge 
response pair from the challenge response pair broker because it would provide an 
improved method for authentication for user at an intermediate party. 



Conclusion 

The prior arts made of record and not relied upon are considered pertinent to 
applicant's disclosure. The McClain (Pub. No.: 2004/0097217 A1) discloses 
A system and method for providing authentication and authorization utilizing a personal 
wireless communication device. The Castrogiovanni et al.(Pub. No.: 2003/0211841 A1) 
discloses a method, apparatus and article to remotely associate wireless 
communications devices with subscriber identities and/or proxy wireless 
communications devices. The Svensson (Pub. No.: 2003/0120920 A1) discloses a 
remote device authentication. The Swift et al. (Patent No.: 6,377,691 B1) discloses 
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challenge-response authentication and key exchange for a connectionless security 
protocol. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Canh Le whose telephone number is 571-270-1380. 
The examiner can normally be reached on Monday to Friday 7:30AM to 5:00PM other 
Friday off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Walter Griffin can be reached on 571-272-1447. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



WALTER D. GRIFFIN 
SUPERVISORY PATENT EXAMINER 



Canh Le 

November 16,2006 



